Archive

Is your online e-mail account secure, with a 25-character alphanumeric complex password? If you say yes, then you might need to read through the rest of the article.

Sadly, the answer is no, not necessarily.

A person who gets access to your personal online accounts with malicious intent and without your knowledge is called a hacker. But the term is normally associated with a person far off somewhere who is using complex tools and techniques with immense knowledge of computer science. No, he needn’t be all that. He could just as well be a disgruntled colleague, an estranged lover or a total stranger whom you tagged as a friend on Facebook, who is looking to gain access to your online account with malicious intent. And this malicious intent can range from having a peek into your personal emails, to spamming your account to vent their ire, to defacing your public content, or even siphoning off some money from your bank accounts.

And do you need complex tools and techniques to get illegal access to your account? No, it can be done without them, if you’re providing the access yourself. Welcome to the term: Social Engineering.

Social engineering was once a social science term according to Wikipedia, but it is more associated with computers and security these days. It is defined as the act of manipulating people into performing actions or divulging confidential information. But in this day and age, there is no need to manipulate a person to get personal information, because all your actions are online on social media.

Vulnerabilities: Let’s see a small illustration. Every email account has a “Forgot your password?” facility, which is designed for the rightful owners in case they have forgotten their password. Most of them identify you by a security question. This is something not everyone pays attention to, and many mistakenly keep a very simple one, like “What’s my dog’s name?” And if your Facebook or Twitter update yesterday said, “Fun time with my fluffy” along with a picture of you and your pet dog, then you just gave someone an easy ticket to your personal emails.

Access to your emails means a little more than just a chance to read your personal emails. Most email services, and even your Facebook account, have a chat feature and retain your chat transcripts. Your online bank account details/passwords are all at stake if you have openly chatted about them with someone very close, or even a family member. All the hacker needs to do is sift through your chat history and dig gold out of it, quite literally.

Preventive measures to safeguard: It is very easy to share information online; Facebook, Twitter or a million other sites make it easy to do so. But take a judgement call on what’s worth sharing and what’s not. It is not advisable to share what they call PII, or Personally Identifiable Information. Likewise, it is not advisable to use very easily accessible information like your pet’s name as the answer to a security question. Most online accounts provide facilities to track usage through mobile phones, record new activity, log usage from new machines, etc. Make the best use of them.
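As an added illustration of the pet-name problem above (not code from the original article), the following check audits a candidate security-question answer against the vocabulary of a user's own public posts. The sample posts and the minimum length are constructed assumptions; the idea is that an answer every word of which already appears in public updates is effectively public.

```python
import re
from typing import Iterable

# Constructed sample of public social-media updates (assumption, not real data).
PUBLIC_POSTS = [
    "Fun time with my fluffy!",
    "Back home to Chennai after a long week.",
    "Happy birthday to me - 30 today!",
]

# Filler words that carry no guessing value on their own.
STOPWORDS = {"the", "my", "with", "and", "to", "a", "of", "is", "in", "after", "me"}


def tokens(text: str) -> set[str]:
    """Lower-cased alphanumeric words in a piece of text."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def public_vocabulary(posts: Iterable[str]) -> set[str]:
    """Every non-filler word that appears in any public post."""
    vocab: set[str] = set()
    for post in posts:
        vocab |= tokens(post)
    return vocab - STOPWORDS


def audit_answer(answer: str, posts: Iterable[str], min_len: int = 8) -> list[str]:
    """Return the reasons a security answer is weak; an empty list means acceptable."""
    reasons: list[str] = []
    words = tokens(answer) - STOPWORDS
    vocab = public_vocabulary(posts)
    if len(answer.strip()) < min_len:
        reasons.append("too short")
    if words and words <= vocab:
        # Every meaningful word was already posted publicly (e.g. "Fluffy").
        reasons.append("every word appears in public posts")
    elif words & vocab:
        reasons.append("partly guessable from public posts")
    return reasons


if __name__ == "__main__":
    for candidate in ["Fluffy", "Fun time", "fluffy rooftop", "velvet-moss-rooftop"]:
        print(f"{candidate!r}: {audit_answer(candidate, PUBLIC_POSTS) or 'ok'}")
```

A random phrase that survives the audit is only useful if it is stored somewhere safe, since the point is that it cannot be recalled from public information.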

Be careful while adding friends on social networking sites; distinguish between friends and total strangers. When you’re sharing information on social media, be sure to choose your target audience and share it only with those who need to know. If you’re a very active user of such social media, then spend some time reading about the safety and security features of the website. And in any case of suspicious activity on your account, proactively report it to the website administrators.

When technology leaps two steps to help humanity, it also enables certain elements to leap four steps to harm us. Ignorance is never bliss; it does more harm than imagined.

Firstly, be it a tech-savvy person or an ordinary one, everyone has a life online. By online, I refer to the internet and the myriad websites therein. Programming forums, healthcare, lifestyle, romance, banking, travel, blogging, electronic mail, ecommerce; these are just a few of the categories that pop into my head when I think of what we do online.

Let’s do the math. Each of these categories has at least n different websites/vendors associated with it. Say, electronic mail: you have Gmail, Hotmail, MSN and so on. Take for instance ecommerce: you have Amazon, eBay, or maybe even Flipkart. Each of these requires you to register and have an identity (username and password) associated with it.

Normally you choose to have the same username with all of them. But the rules vary with many, some allowing symbols, some disallowing numbers, so you are forced to vary your usernames across websites. And the same is true for passwords: one of your comfortable passwords might be unacceptable to some accounts. Some websites have to be associated with email identities. If you took to the internet after Gmail came in, then chances are you’ve associated all your accounts with it. Otherwise, you might have had a host of other email accounts, like yahoo.com or live.com.

Now each identity needs a password. Let’s see.

1. You can use the same password for all your accounts.

Great choice. It allows you to remember a single password for all your identities. But this leaves you at risk: one of your accounts gets hacked into, and you lose across the board.

2. You use a new password for each of your accounts.

This reduces your vulnerability to a hack. Even if one of your accounts gets compromised, you can save all the rest. But that gives you n passwords for the n accounts you hold. Mighty hard to remember, isn’t it?

Good online behaviour dictates that you cycle your passwords at least every 45 days to prevent your accounts from getting compromised. Now how do you do that, without having to go through the trouble of remembering the new sets of passwords again?

This discussion did not mention ghost accounts (for which you probably have false identities) or intranet accounts (which are not under the internet category, but still require a username/password and hence are a necessary payload on your brain).

IMO, this seems to be a pretty interesting and wide area for research. If necessity is the mother of invention, this is the right time to invent, discover or re-discover a cost-effective solution that is within reach of a normal internet user. A normal user is right now juggling at least 10 online accounts, forgetting passwords every 10 days and clicking on that seemingly helpful “Forgot your password” link. Or an unassuming user is in a false sense of assurance, having the same password for all his online accounts, screaming to be hacked and compromised.

The solution being proposed for curbing online identity explosion should provide a way to access all your online accounts in an easier manner, while ensuring that:

The identities are kept secure against any form of hack

The solution is accessible to any web user, with minimal or zero overhead

Various modes of access are addressed: mobile, single point of access, multiple points of access